Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (currently amended) A method for accessing resources on a private
network via an intermediary server that is outside the private network, said method
comprising:

(a) receiving a login request from a user for access to the intermediary
server that is outside the private network;

(b) authenticating the user; 

(c) subsequently receiving a resource request from the user at the 
intermediary server, the resource request requesting a particular operation with respect to 
a resource from the private network; 

(d) obtaining access privileges for the user; 

(e) determining whether the access privileges for the user permit the user 
to perform the particular operation at the private network; and 

(f) preventing performance of the particular operation at the private 
network such that a response to the resource request is not had when said determining (e) 
determines that the access privileges for the user do not permit the user to perform the 
particular operation at the private network.

2. (original) A method as recited in claim 1, wherein the particular operation
is one of a resource request, a file access operation or an email operation. 

3. (original) A method as recited in claim 1, wherein said authenticating (b) 
determines whether the user is authenticated based on an external authentication server. 

4. (original) A method as recited in claim 3, wherein the external 
authentication server is within the private network. 

5. (original) A method as recited in claim 1, wherein the intermediary server 
stores the access privileges for a plurality of users. 

6. (original) A method as recited in claim 1, wherein the intermediary server 
stores an authentication identifier for each of a plurality of users, the authentication 
identifier identifies an external authentication server to be used to perform said 
authenticating (b). 

7. (original) A method as recited in claim 6, wherein the external 
authentication server is within the private network. 

8. (original) A method as recited in claim 7, wherein the authentication 
identifier comprises a network address for the external authentication server.

9. (original) A method as recited in claim 1, wherein the resource request is
from a client-side application operating on a client machine. 

10. (original) A method as recited in claim 9, wherein the client-side 
application is selected from the group consisting of a web browser, an email application 
or a file access application. 

11. (original) A method as recited in claim 1, wherein the user is a remote
user.

12. (original) A method as recited in claim 1, wherein the resource request is 
from a client-side application operating on a remote client machine. 

13. (currently amended) A method as recited in claim 1, wherein the private 
network is an intranet or other network a corporate network. 

14. (original) A method as recited in claim 1, wherein the resource request is 
from a network browser. 

15. (original) A method as recited in claim 1, wherein said method further 
comprises:

(g) performing the particular operation at the private network to determine
a response to the resource request when said determining (e) determines that the access 
privileges for the user permit the user to perform the particular operation at the private 
network. 

16. (original) A method as recited in claim 1, wherein the user has an Internet 
Protocol (IP) address associated therewith, and 

wherein said determining (e) comprises: 

(e1) determining whether the access privileges for the user permit
the user to perform the particular operation at the private network; and

(e2) determining whether the IP address associated with the user is
authorized.

17. (original) A method as recited in claim 16, wherein said determining (e) 
further comprises: 

(e3) determining whether time-of-day restrictions are satisfied. 

18. (original) A method as recited in claim 17, wherein the access privileges 
comprise permitted operations, authorized IP addresses, and time-of-day restrictions for a 
plurality of users. 
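
The access decision recited in claims 1 and 16 to 18 (permitted operations, authorized IP addresses and time-of-day restrictions, with the operation never performed at the private network on a denial), shown as an added Python example that is not code from the application. The user names, address ranges, operation labels and the `forward` callback are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AccessPrivileges:
    operations: frozenset   # permitted operations, e.g. {"web", "email", "file"}
    networks: tuple         # authorized source ranges as CIDR strings
    window: tuple           # (start, end) local times; start inclusive, end exclusive


# Constructed sample store kept on the intermediary server (hypothetical users).
PRIVILEGES = {
    "alice": AccessPrivileges(frozenset({"web", "email"}), ("203.0.113.0/24",),
                              (time(8, 0), time(18, 0))),
    "bob": AccessPrivileges(frozenset({"file"}), ("198.51.100.7/32",),
                            (time(22, 0), time(6, 0))),  # window wraps midnight
}


def in_window(now, window):
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # overnight window


def decide(user, operation, source_ip, now):
    """Steps (d)-(e), (e1)-(e3): default deny, return (allowed, reason)."""
    priv = PRIVILEGES.get(user)
    if priv is None:
        return False, "no access privileges on record"
    if operation not in priv.operations:
        return False, "operation not permitted"
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in ip_network(net) for net in priv.networks):
        return False, "source IP not authorized"
    if not in_window(now, priv.window):
        return False, "outside permitted hours"
    return True, "permitted"


def handle_resource_request(user, operation, source_ip, now, forward):
    """Steps (f)/(g): `forward` reaches the private network only on an allow."""
    allowed, reason = decide(user, operation, source_ip, now)
    if not allowed:
        return {"status": 403, "reason": reason}
    return {"status": 200, "body": forward()}
```
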

19. (currently amended) A method for providing remote access to a private
network via an intermediary server that is outside the private network, said method
comprising:

(a) receiving a login request from a remote user for access to the
intermediary server that is outside the private network;

(b) determining whether the remote user is permitted access to the 
intermediary server; 

(c) granting the remote user access to the intermediary server when said 
determining (b) determines that the remote user is permitted access, the granted access 
also carries access privileges to predetermined portions of the private network; 

(d) subsequently receiving a resource request from the remote user at the 
intermediary server, the resource request requesting a particular resource; 

(e) determining whether the resource request from the remote user is 
permitted by the access privileges; 

(f) supplying the particular resource to the remote user when said 
determining (e) determines that the resource request from the user is permitted; and 

(g) denying the remote user from access to the particular resource when 
said determining (e) determines that the resource request from the user is not permitted. 

20. (original) A method as recited in claim 19, wherein said supplying (f) 
comprises: 

(f1) retrieving the particular resource from a content server;

(f2) modifying at least one URL within the particular resource; and

(f3) sending the modified resource to the remote user.

21. (original) A method as recited in claim 19, wherein said supplying (f) 
comprises: 

(f1) modifying the response so that links within the response point to the
intermediate server; and 

(f2) sending the modified resource to the remote user. 

22. (original) A method as recited in claim 19, wherein said supplying (f) 
comprises: 

(f1) determining a host name for a remote server hosting the particular
resource being requested; 

(f2) sending a request for the particular resource to the remote server 
based on the determined host name; and 

(f3) receiving, at the intermediary server, a response to the request from 
the remote server. 

23. (original) A method as recited in claim 22, wherein said supplying (f) 
comprises: 

(f4) modifying the response so that links within the response point to the 
intermediate server; and

(f5) sending the modified resource to the remote user.
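
The link modification and host-name determination recited in claims 20 to 23, shown as an added Python example that is not code from the application. The gateway name, the `/fetch?u=` URL scheme and the list of private hosts are assumptions; the claims do not say how the original target is encoded in a rewritten link.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urljoin, urlsplit

# Assumptions for this sketch: the gateway's public name, its /fetch?u= scheme
# and the set of private hosts are all hypothetical.
INTERMEDIARY = "https://gateway.example.com"
PRIVATE_HOSTS = {"intranet.corp.example", "mail.corp.example"}
LINK_ATTRS = {"href", "src", "action"}

def to_intermediary(url, base):
    """Point a link found in a private-network page at the intermediary."""
    absolute = urljoin(base, url)
    parts = urlsplit(absolute)
    if parts.scheme not in ("http", "https") or parts.hostname not in PRIVATE_HOSTS:
        return url  # external or non-HTTP link: leave untouched
    return f"{INTERMEDIARY}/fetch?u={quote(absolute, safe='')}"

def target_of(gateway_url):
    """Recover the remote host for a rewritten link; refuse unknown hosts."""
    target = parse_qs(urlsplit(gateway_url).query).get("u", [""])[0]
    if urlsplit(target).hostname not in PRIVATE_HOSTS:
        raise PermissionError("target host is not a permitted private host")
    return target

class LinkRewriter(HTMLParser):
    def __init__(self, base):
        super().__init__(convert_charrefs=False)
        self.base, self.out = base, []

    def emit_tag(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            if value is not None and name in LINK_ATTRS:
                value = to_intermediary(value, self.base)
            parts.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs): self.emit_tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self.emit_tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def rewrite(html_text, base):
    parser = LinkRewriter(base)
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

Checking the recovered host against the same list used for rewriting keeps the intermediary from fetching arbitrary addresses on a user's behalf.
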

24. (original) A method as recited in claim 23, wherein the private network is 
an intranet. 

25. (original) A method as recited in claim 23, wherein the resource request is 
from a network browser. 

26. (original) A method as recited in claim 23, wherein the resource request is 
from a client-side application operating on a remote client machine. 

27. (original) A method as recited in claim 25, wherein the client-side
application is selected from the group consisting of: a web browser, an email application 
or a file access application. 

28. (original) A method as recited in claim 19, wherein the private network is 
an intranet or other network. 

29. (original) A method as recited in claim 19, wherein the resource request is 
from a network browser.

30. (original) A method as recited in claim 19, wherein the resource request is
from a client-side application operating on a remote client machine. 

31. (currently amended) An intermediary server system, comprising: 

a web server that receives requests for resources from client machines via
a network;

a protocol handler operatively connected to said web server, said protocol 
handler receives the requests for resources, modifies the requests to be directed to 
appropriate remote servers via the private network, and forwards the modified requests 
for resources to the appropriate remote servers; and 

a content transformer operatively connected to said protocol handler, said 
content transformer receives the resources supplied by the appropriate remote servers in 
response to the modified requests and modifies the resources such that at least certain 
links contained therein are modified to be directed to said intermediary server system 
instead of remote servers; and

an authentication manager that is located outside the private network and manages
access by said client devices to resources on the private network.

32. (currently amended) An intermediary server system as recited in claim 31, 
wherein said intermediary server system further comprises: 

an authentication manager that manages access by said client devices to 
resources on the private network; and

a data store for storage of session authentication information and access
privileges for the users, 

wherein access to the resources is not permitted unless the user requesting 
the access is authenticated and has sufficient access privileges. 

33. (original) A system as recited in claim 32, wherein said system further 
comprises an authentication server provided within said private network for 
authenticating the users to provide authentication results, and 

wherein said intermediary server permits or denies access to said private 
network via said intermediary server by the users based on the authentication results. 

34. (currently amended) A tangible computer readable medium including at 
least computer program code for enabling access to resources on a private network via an 
intermediary server that is outside the private network, said computer readable medium
comprising:

computer program code for receiving a login request from a user for
access to the intermediary server that is outside the private network;

computer program code for determining whether the user is permitted 
access to the intermediary server; 

computer code for receiving a resource request from the user at the
intermediary server after it has been determined that the user is permitted access to the
intermediary server, the resource request requesting a particular operation with respect to
a resource from the private network;

PATENT
U.S. Patent Application No. 10/060,792
Attorney Docket No. 0023-0220

computer code for obtaining access privileges for the user; 

computer code for determining whether the access privileges for the user 
permit the user to perform the particular operation at the private network; and 

computer code for preventing performance of the particular operation at 
the private network such that a response to the resource request is not had when said 
computer code for determining determines that the access privileges for the user do not 
permit the user to perform the particular operation at the private network. 

35. (original) A computer readable medium as recited in claim 34, wherein 
the particular operation is one of a resource request, a file access operation or an email 
operation. 

36. (original) A computer readable medium as recited in claim 34, wherein 
said computer code for authenticating determines whether the user is authenticated based 
on an external authentication server. 

37. (original) A computer readable medium as recited in claim 34, wherein 
the intermediary server stores the access privileges for a plurality of users, and

wherein the intermediary server stores an authentication identifier for each
of a plurality of users, the authentication identifier identifies an external authentication 
server to be used to perform authentication. 

38. (original) A computer readable medium as recited in claim 34, wherein 
the resource request is from a client-side application operating on a client machine, and 

wherein the client-side application is selected from the group consisting of 
a web browser, an email application or a file access application. 

39. (original) A computer readable medium as recited in claim 34, wherein 
said computer readable medium further comprises: 

computer code for performing the particular operation at the private 
network to determine a response to the resource request when said computer code for
determining determines that the access privileges for the user permit the user to perform
the particular operation at the private network. 

40. (original) A computer readable medium as recited in claim 34, wherein 
the user has an Internet Protocol (IP) address associated therewith, and 

wherein said computer code for determining comprises computer code for 
determining whether the access privileges for the user permit the user to perform the 
particular operation at the private network, and computer code for determining whether 
the IP address associated with the user is authorized.

41. (original) A computer readable medium as recited in claim 40, wherein
said computer code for determining further comprises computer code for determining 
whether time-of-day restrictions are satisfied. 

42. (original) A computer readable medium as recited in claim 41, wherein 
the access privileges comprise permitted operations, authorized IP addresses, and
time-of-day restrictions for a plurality of users.

43. (canceled) 

44. (currently amended) A tangible computer readable medium including at 
least computer program code to facilitate access to a private network via an intermediary 
server that is outside the private network, said computer readable medium comprising:

computer program code for receiving a login request from a user for
access to the intermediary server that is outside the private network;

computer program code for determining whether the user is permitted 
access to the intermediary server; 

computer program code for granting the user access to the intermediary 
server when said computer program code for determining determines that the user is 
permitted access, the granted access also carries access privileges to predetermined 
portions of the private network;

computer program code for subsequently receiving a resource request
from the user at the intermediary server, the resource request requesting a particular 
resource; 

computer program code for determining whether the resource request from 
the user is permitted by the access privileges; 

computer program code for supplying the particular resource to the user 
when said computer program code for determining determines that the resource request 
from the user is permitted; and 

computer program code for denying the user from access to the particular 
resource when said computer program code for determining determines that the resource 
request from the user is not permitted. 

45. (original) A computer readable medium as recited in claim 44, wherein 
said computer program code for supplying comprises: 

computer program code for retrieving the particular resource from a
content server;

computer program code for modifying at least one URL within the 
particular resource; and 

computer program code for sending the modified resource to the user. 

46. (original) A computer readable medium as recited in claim 44, wherein 
said computer program code for supplying comprises:

computer program code for modifying the response so that links within the
response point to the intermediate server; and 

computer program code for sending the modified resource to the user. 



47. (original) A computer readable medium as recited in claim 44, wherein 
said computer program code for supplying comprises: 

computer program code for determining a host name for a remote server 
hosting the particular resource being requested; 

computer program code for sending a request for the particular resource to 
the remote server based on the determined host name; and 

computer program code for receiving, at the intermediary server, a 
response to the request from the remote server. 



48. (original) A computer readable medium as recited in claim 47, wherein 
said computer program code for supplying comprises: 

computer program code for modifying the response so that links within the 
response point to the intermediate server; and 

computer program code for sending the modified resource to the user. 



49. (original) A computer readable medium as recited in claim 44, wherein 
the resource request is from a client-side application operating on a remote client
machine.

50. (original) A computer readable medium as recited in claim 49, wherein
the client-side application is selected from the group consisting of a web browser, an
email application or a file access application.